Sample viewer

vx.netlux.org/Virus.DOS.Mordor.1110

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:01:30.309860146Z 250 PC: 12a62 | UNKNOWN!
2018-12-17T22:01:30.312097412Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-17T22:01:30.314888497Z 53 PC: 12bc1 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-17T22:01:30.673462625Z 37 PC: 12da9 | Set interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-17T22:01:30.67647522Z 53 PC: 12dae | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:30.678168366Z 74 PC: 12dbf | Reallocate memory
2018-12-17T22:01:30.680034785Z 75 PC: 12e16 | Execute program
2018-12-17T22:01:30.707283992Z 250 PC: 13fd2 | UNKNOWN!
2018-12-17T22:01:30.709020099Z 42 PC: 13fd6 | Get date 0x13fd6: cmp dl, 0x1f
0x13fd9: jne 0x13fec
0x13fdb: cmp dh, 3
0x13fde: jne 0x13fec
0x13fe0: mov ah, 9
0x13fe2: mov dx, 0x13f
0x13fe5: int 0x21
0x13fe7: mov ax, 0x4c00
0x13fea: int 0x21
0x13fec: jmp 0x1412c
0x13fef: or cl, byte ptr [di]
0x13ff1: push si
0x13ff2: imul si, word ptr [bp + si + 0x75], 0x2073
0x13ff7: dec bp
0x13ff8: dec di
0x13ff9: push dx
0x13ffa: inc sp
0x13ffb: dec di
0x13ffc: push dx
0x13ffd: and byte ptr [bp + 0x31], dh
2018-12-17T22:01:30.711196279Z 53 PC: 14131 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-17T22:01:30.715321259Z 76 PC: 13fb5 | Terminate with return code (Return code = '0')
2018-12-17T22:01:30.718302033Z 37 PC: 12e20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:30.719537823Z 49 PC: 12e25 | Terminate and stay resident (Return code = '0' | Memory size = '86')

{"DateBased":true,"Day":31,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1287,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:12.42761374Z 250 PC: 12a62 | UNKNOWN!
2018-12-25T11:43:12.429420193Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:12.43230748Z 9 PC: 12a77 | Display string (Could not find end pointer)
2018-12-25T11:43:12.454109672Z 76 PC: 12a7c | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1287,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:12.55359769Z 250 PC: 12a62 | UNKNOWN!
2018-12-25T11:43:12.554280018Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:12.556836496Z 53 PC: 12bc1 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:12.91351839Z 37 PC: 12da9 | Set interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:12.915599638Z 53 PC: 12dae | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:12.918118636Z 74 PC: 12dbf | Reallocate memory
2018-12-25T11:43:12.919885546Z 75 PC: 12e16 | Execute program
2018-12-25T11:43:12.932778272Z 250 PC: 13fd2 | UNKNOWN!
2018-12-25T11:43:12.933759508Z 42 PC: 13fd6 | Get date 0x13fd6: cmp dl, 0x1f
0x13fd9: jne 0x13fec
0x13fdb: cmp dh, 3
0x13fde: jne 0x13fec
0x13fe0: mov ah, 9
0x13fe2: mov dx, 0x13f
0x13fe5: int 0x21
0x13fe7: mov ax, 0x4c00
0x13fea: int 0x21
0x13fec: jmp 0x1412c
0x13fef: or cl, byte ptr [di]
0x13ff1: push si
0x13ff2: imul si, word ptr [bp + si + 0x75], 0x2073
0x13ff7: dec bp
0x13ff8: dec di
0x13ff9: push dx
0x13ffa: inc sp
0x13ffb: dec di
0x13ffc: push dx
0x13ffd: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:12.935790224Z 53 PC: 14131 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:12.937427929Z 76 PC: 13fb5 | Terminate with return code (Return code = '0')
2018-12-25T11:43:12.94012864Z 37 PC: 12e20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:12.942564553Z 49 PC: 12e25 | Terminate and stay resident (Return code = '0' | Memory size = '86')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1287,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:13.045686786Z 250 PC: 12a62 | UNKNOWN!
2018-12-25T11:43:13.04786283Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:13.05011517Z 53 PC: 12bc1 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:13.374918527Z 37 PC: 12da9 | Set interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:13.376223381Z 53 PC: 12dae | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:13.378845961Z 74 PC: 12dbf | Reallocate memory
2018-12-25T11:43:13.380637213Z 75 PC: 12e16 | Execute program
2018-12-25T11:43:13.394691155Z 250 PC: 13fd2 | UNKNOWN!
2018-12-25T11:43:13.395903705Z 42 PC: 13fd6 | Get date 0x13fd6: cmp dl, 0x1f
0x13fd9: jne 0x13fec
0x13fdb: cmp dh, 3
0x13fde: jne 0x13fec
0x13fe0: mov ah, 9
0x13fe2: mov dx, 0x13f
0x13fe5: int 0x21
0x13fe7: mov ax, 0x4c00
0x13fea: int 0x21
0x13fec: jmp 0x1412c
0x13fef: or cl, byte ptr [di]
0x13ff1: push si
0x13ff2: imul si, word ptr [bp + si + 0x75], 0x2073
0x13ff7: dec bp
0x13ff8: dec di
0x13ff9: push dx
0x13ffa: inc sp
0x13ffb: dec di
0x13ffc: push dx
0x13ffd: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:13.398206938Z 53 PC: 14131 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:13.400964986Z 76 PC: 13fb5 | Terminate with return code (Return code = '0')
2018-12-25T11:43:13.404728422Z 37 PC: 12e20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:13.406072259Z 49 PC: 12e25 | Terminate and stay resident (Return code = '0' | Memory size = '86')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1287,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:13.4036152Z 250 PC: 12a62 | UNKNOWN!
2018-12-25T11:43:13.40498261Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:13.406568778Z 53 PC: 12bc1 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:13.726593954Z 37 PC: 12da9 | Set interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:13.729635969Z 53 PC: 12dae | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:13.730843217Z 74 PC: 12dbf | Reallocate memory
2018-12-25T11:43:13.732305955Z 75 PC: 12e16 | Execute program
2018-12-25T11:43:13.747840075Z 250 PC: 13fd2 | UNKNOWN!
2018-12-25T11:43:13.750191093Z 42 PC: 13fd6 | Get date 0x13fd6: cmp dl, 0x1f
0x13fd9: jne 0x13fec
0x13fdb: cmp dh, 3
0x13fde: jne 0x13fec
0x13fe0: mov ah, 9
0x13fe2: mov dx, 0x13f
0x13fe5: int 0x21
0x13fe7: mov ax, 0x4c00
0x13fea: int 0x21
0x13fec: jmp 0x1412c
0x13fef: or cl, byte ptr [di]
0x13ff1: push si
0x13ff2: imul si, word ptr [bp + si + 0x75], 0x2073
0x13ff7: dec bp
0x13ff8: dec di
0x13ff9: push dx
0x13ffa: inc sp
0x13ffb: dec di
0x13ffc: push dx
0x13ffd: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:13.753459517Z 53 PC: 14131 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:13.756005397Z 76 PC: 13fb5 | Terminate with return code (Return code = '0')
2018-12-25T11:43:13.75934364Z 37 PC: 12e20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:13.760752484Z 49 PC: 12e25 | Terminate and stay resident (Return code = '0' | Memory size = '86')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1287,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:14.956605539Z 250 PC: 12a62 | UNKNOWN!
2018-12-25T11:43:14.958125921Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:14.960739632Z 53 PC: 12bc1 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:15.299481301Z 37 PC: 12da9 | Set interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:15.301572843Z 53 PC: 12dae | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:15.304507766Z 74 PC: 12dbf | Reallocate memory
2018-12-25T11:43:15.307022541Z 75 PC: 12e16 | Execute program
2018-12-25T11:43:15.323139803Z 250 PC: 13fd2 | UNKNOWN!
2018-12-25T11:43:15.326857851Z 42 PC: 13fd6 | Get date 0x13fd6: cmp dl, 0x1f
0x13fd9: jne 0x13fec
0x13fdb: cmp dh, 3
0x13fde: jne 0x13fec
0x13fe0: mov ah, 9
0x13fe2: mov dx, 0x13f
0x13fe5: int 0x21
0x13fe7: mov ax, 0x4c00
0x13fea: int 0x21
0x13fec: jmp 0x1412c
0x13fef: or cl, byte ptr [di]
0x13ff1: push si
0x13ff2: imul si, word ptr [bp + si + 0x75], 0x2073
0x13ff7: dec bp
0x13ff8: dec di
0x13ff9: push dx
0x13ffa: inc sp
0x13ffb: dec di
0x13ffc: push dx
0x13ffd: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:15.329712096Z 53 PC: 14131 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:15.333609084Z 76 PC: 13fb5 | Terminate with return code (Return code = '0')
2018-12-25T11:43:15.338345147Z 37 PC: 12e20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:15.33977673Z 49 PC: 12e25 | Terminate and stay resident (Return code = '0' | Memory size = '86')

{"DateBased":true,"Day":31,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1287,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:15.739822633Z 250 PC: 12a62 | UNKNOWN!
2018-12-25T11:43:15.741480826Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:15.743350812Z 9 PC: 12a77 | Display string (Could not find end pointer)
2018-12-25T11:43:15.755920047Z 76 PC: 12a7c | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1287,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:16.482441556Z 250 PC: 12a62 | UNKNOWN!
2018-12-25T11:43:16.483845545Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:16.486174592Z 53 PC: 12bc1 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:16.814397548Z 37 PC: 12da9 | Set interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:16.81702723Z 53 PC: 12dae | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:16.818474526Z 74 PC: 12dbf | Reallocate memory
2018-12-25T11:43:16.820216399Z 75 PC: 12e16 | Execute program
2018-12-25T11:43:16.847002672Z 250 PC: 13fd2 | UNKNOWN!
2018-12-25T11:43:16.848379362Z 42 PC: 13fd6 | Get date 0x13fd6: cmp dl, 0x1f
0x13fd9: jne 0x13fec
0x13fdb: cmp dh, 3
0x13fde: jne 0x13fec
0x13fe0: mov ah, 9
0x13fe2: mov dx, 0x13f
0x13fe5: int 0x21
0x13fe7: mov ax, 0x4c00
0x13fea: int 0x21
0x13fec: jmp 0x1412c
0x13fef: or cl, byte ptr [di]
0x13ff1: push si
0x13ff2: imul si, word ptr [bp + si + 0x75], 0x2073
0x13ff7: dec bp
0x13ff8: dec di
0x13ff9: push dx
0x13ffa: inc sp
0x13ffb: dec di
0x13ffc: push dx
0x13ffd: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:16.850805962Z 53 PC: 14131 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:16.853641581Z 76 PC: 13fb5 | Terminate with return code (Return code = '0')
2018-12-25T11:43:16.857796258Z 37 PC: 12e20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:16.859193887Z 49 PC: 12e25 | Terminate and stay resident (Return code = '0' | Memory size = '86')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1287,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:16.843839943Z 250 PC: 12a62 | UNKNOWN!
2018-12-25T11:43:16.845069414Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:16.847477984Z 53 PC: 12bc1 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:17.177665597Z 37 PC: 12da9 | Set interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:17.179603394Z 53 PC: 12dae | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:17.182685483Z 74 PC: 12dbf | Reallocate memory
2018-12-25T11:43:17.184964445Z 75 PC: 12e16 | Execute program
2018-12-25T11:43:17.203335501Z 250 PC: 13fd2 | UNKNOWN!
2018-12-25T11:43:17.205541125Z 42 PC: 13fd6 | Get date 0x13fd6: cmp dl, 0x1f
0x13fd9: jne 0x13fec
0x13fdb: cmp dh, 3
0x13fde: jne 0x13fec
0x13fe0: mov ah, 9
0x13fe2: mov dx, 0x13f
0x13fe5: int 0x21
0x13fe7: mov ax, 0x4c00
0x13fea: int 0x21
0x13fec: jmp 0x1412c
0x13fef: or cl, byte ptr [di]
0x13ff1: push si
0x13ff2: imul si, word ptr [bp + si + 0x75], 0x2073
0x13ff7: dec bp
0x13ff8: dec di
0x13ff9: push dx
0x13ffa: inc sp
0x13ffb: dec di
0x13ffc: push dx
0x13ffd: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:17.207949669Z 53 PC: 14131 | Get interrupt vector (Interrupt = '218' AKA 'UNKNOWN!')
2018-12-25T11:43:17.210978108Z 76 PC: 13fb5 | Terminate with return code (Return code = '0')
2018-12-25T11:43:17.215690629Z 37 PC: 12e20 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:17.217152013Z 49 PC: 12e25 | Terminate and stay resident (Return code = '0' | Memory size = '86')

{"DateBased":true,"Day":31,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1287,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:17.998124805Z 250 PC: 12a62 | UNKNOWN!
2018-12-25T11:43:17.999095583Z 42 PC: 12a66 | Get date 0x12a66: cmp dl, 0x1f
0x12a69: jne 0x12a7c
0x12a6b: cmp dh, 3
0x12a6e: jne 0x12a7c
0x12a70: mov ah, 9
0x12a72: mov dx, 0x13f
0x12a75: int 0x21
0x12a77: mov ax, 0x4c00
0x12a7a: int 0x21
0x12a7c: jmp 0x12bbc
0x12a7f: or cl, byte ptr [di]
0x12a81: push si
0x12a82: imul si, word ptr [bp + si + 0x75], 0x2073
0x12a87: dec bp
0x12a88: dec di
0x12a89: push dx
0x12a8a: inc sp
0x12a8b: dec di
0x12a8c: push dx
0x12a8d: and byte ptr [bp + 0x31], dh
2018-12-25T11:43:18.000778607Z 9 PC: 12a77 | Display string (Could not find end pointer)
2018-12-25T11:43:18.011511052Z 76 PC: 12a7c | Terminate with return code (Return code = '0')